RE: Ivanti Management Console ver 10.1.30.401
Patch and Compliance Reporting
I need to create a report that lists all of the most recent Microsoft patched downloaded in the last month. Specifically I am looking for those with vulnerability levels of Critical/High, Important/High and Moderate. I am a new user and so far have not been able to find a way to query for these updates.
Thanks in advance for any assistance!
James
When we are trying to Scan(Machine Group and Patch templates), scan is getting failed on " Resolve Machine To Scan" step.
When we select "View Results" it gives Status as "Access Denied to Ip XXXXXX; Cradentials may be invalid" with error code "106".
Software on Machine: Windows 10 64-bit OS.
Please refer the attached screen shot.
To diagnose this issue, there are many symptoms that may need to be considered:
Agent To Console CommunicationTest test
FAILED - No consoleUri in environment. Unable to complete test.
There are many reasons the registration could fail, but generally the above symptoms indicate some sort of communication issue with the agent being able to reach the Protect console for registration.
Start by first checking that some simple connection tests work from the agent system to the console system:
If the above tests are all successful, continue to the next steps in troubleshooting:
If the agent is failing to install at a different percentage mark or when manually installing, you may want to consider reviewing the following documents:
Agent Failing at 67% (Registration Failure)
Manual installation of agent fails on registration.
Shavlik Protect 9.x
I would like to create a custom report on the SQL Server backend database to find the status of all servers with regard to the installation (or lack thereof) of the Spectre/Meltdown patches. I'm sure that this is just a customization of the Patch Status Detail Report, but I'm curious about what people are doing for the filter clause? Are you filtering by Bulletin ID? Surely I can't be the first person who has asked this, ...
Can Shavlik Protect Standard 9.2 be hosted from a Windows 10 Client system?
I am getting ready to deploy the latest version of Office 2016 via Office 365.
From this KB: Office 365 Support for Shavlik Protect/Ivanti Patch for Windows Servers I understand that Ivanti Patch can manage deployment of patches for Click To Run versions of Office 2016 on the Semi-Annual 'channel' (Which I think is the new name for Deferred?). Just to confirm, as long as I leave the default patch download path pointed to Microsoft's CDN and the auto updates turned off in the Office applications then Shavlik patch will still find and 'deploy' patches to Office when they become available?
Thanks
patch error 2147483647.
sfc /scannow comes up empty.
kb3181988 Windows reports manual update "not applicable to this system."
Is there a problem with the .XML patch detection?
The purpose of this document is to instruct how to run a diagnostic patch scan when you are unable to perform a DPDTrace for a detection issue.
2. Save your changes and select to restart the service now then close your console, then stop either the Shavlik Protect Console Service in 9.2 or the Ivanti Patch for Windows Servers service in 9.3.
3. Go to C:\ProgramData\Landesk\Shavlik Protect\Logs and delete or move the contents of the directory.
4. Restart the console service from step 2 then open your console and scan the machine that Support has requested the diagnostic scan for using the scan template that Support specifies. For instance, if the problem patch on the machine is a security patch, you would use the security patch scan template.
5. Save a screenshot similar to the screenshot above showing the machine name, definition date, scan template, Bulletin ID, and Q number of the patch having the issue.
6. Go to Tools > Options > Logging and uncheck the Diagnostic Patch scanning checkbox and save your changes.
7. Close your console, stop the console service from step 2, and zip up the contents of the C:\ProgramData\Landesk\Shavlik Protect\Logs folder.
8. Send the zipped Logs folder from step 7 and the screenshot from step 5 to Support.
You will still need to obtain Registry Exports from the problem client machine to send to Support along with the Diagnostic Patch Scan or DPDTrace. You will find instructions for obtaining these Registry Exports here Batch File for Obtaining Registry Exports for Detection Related Issues
Ivanti Patch for Windows Servers 9.3
Shavlik Protect 9.2
This just started today. Shavlik can still contact all of the PCs but I don't get any scan results, just Error Code -1.
I've already rebooted the Shavlik server. There don't seem to be any other problems around the network today that might be related.
Any ideas?
Since Friday 3-30-18 late afternoon, all scans produce Error code 900, critical error, send logs to support. We believe you all pushed an update Friday?? Thanks!
I had a Windows Server 2012 crash after patching last weekend. After some trial and error including hour long restores I narrowed down the issue to KB4088883:
Ivanti Patch News Bulletin: Preview of Monthly ... | Ivanti User Community
I found some help from a Microsoft forum but no information on whether there is a proper way to install the patch or if a corrected version would come out later:
So my questions are 1) Is anyone else having the same issue on their Windows Server 2012 Servers and what did you do to resolve the issue and 2) How do I exclude this patch from a scan or deployment so it does not get pushed out again and crash my server? I tried following the instructions in the following KB but had no luck finding the update:
How To: Include or Exclude Specific Patches in Scan Results in Shavlik Protect
Any help you guys can give would greatly be appreciated. Thanks!
So KB4099950 (https://community.ivanti.com/docs/DOC-66843 ) has been released to sort out the NIC issues that MS18-03-SO7 Q4088878 introduced. My normal scan template only scans for, and therefore deploys, Security Patches and Security Tools. As KB4099950 is classed as a Non-security patch, is it possible I could deploy this using my normal scanning template? Custom Action on the deployment template? How? I should add I'm still on Protect Standard 9.2.0 build 5119.
Cheers, Dilip.
This document will show how to unhide the sidebar in the main window of Shavlik Protect.
You are unable to see the sidebar in the main window of Shavlik Protect:
To unhide the sidebar in Shavlik Protect, click the arrow in the center of the very edge of the console screen:
Ivanti Patch for Windows Servers 9.3 +
Shavlik Protect 9.2
I have trouble finding specific MS patch: KB4100480
I have opened View -> Patches, selected all patch type and all Vendors and Families.
Unfortunately the patch above is not found:
Why is that?
Hi,
Where can I download the Patch for Windows Server Migration Tool from?
There only seems to be links to PDFs on how to use it and no link on where to get it from.
Steve
I am running on a disconnected network and need to acquire the nullpatch.exe patch. I am looking for a link to download the patch.
I am curious as to whether PWS will have any effect on App-V delivered programs, while patching those installed locally. Do I need to coordinate the patch versions of both or can I maintain them independently. Thank you.
Although this is more a SCCM issue, Ivanti Patch for SCCM is directly affected. This document will outline how to resolve Ivanti Patch for SCCM functionality issues caused when the SCCM user's Security Scope isn't set to: All instances of the objects that are related to the assigned security roles.
The requirements for Shavlik Patch are located here: How To: Verify your SCCM user is a member of the WSUS Administrators Group
In addition requirements from the document, the SCCM user must be assigned to the All instances of the objects that are related to the assigned security roles Security Scope.
This is an example of a SCCM Administrator who does not have All Instances Of The Objects That Are Related To The Assigned Security Roles set.
The AutoPublish.log located in this folder: C:\users\username\Shavlik\Shavlik Patch folder will contain these errors:
SMS Error: Microsoft.ConfigurationManagement.ManagementProvider.WqlQueryEngine.WqlQueryException You do not have security rights to perform this operation. AutoPublish 1/31/2017 3:14:14 PM 4 (0x0004)
Generic failure AutoPublish 1/31/2017 3:14:14 PM 4 (0x0004)
Your Configuration Manager security settings may be limited. Your security role should be 'Full Administrator' and your security scopes should be 'All instances of the objects that are related to the assigned security roles'. AutoPublish 1/31/2017 3:14:14 PM 4 (0x0004)
Error - AutoPublish returned code 18: Error cleaning up categories AutoPublish 1/31/2017 3:14:14 PM 1 (0x0001)
1. Open SCCM and select Administration.
2. Expand Security and select Administrative Users.
3. Locate the user used to log into the SCCM server and open its Properties.
4. On the Security Scopes tab select 'All Instances Of The Objects That Are Related To The Assigned Security Roles'.
5. Select OK..
There are two known workarounds if the option 'All Instances Of The Objects That Are Related To The Assigned Security Roles' is greyed. (pictured above)
Ivanti Patch for SCCM
I'm using Ivanti Patch for Windows Servers Standard 9.3 Build 4510.
What is the best method to get a report of all servers who are missing either an operating system service pack or a SQL server service pack? I reviewed the options in Tools\Create Report - these just left me confused. Perhaps there is already something canned that I'm missing or a better documented process for creating a report that I could be directed towards.
Thanks
I am using Shavlik Protect 9.3. I was patching a new server and everything was going fine. I rebooted after some patches and scanned again. This time the server only had 6 missing patches. I tried to push these patches and nothing happens. All other servers seem to be fine. I thought it was the Scheduler on the server, so I followed these directions to uninstall (How To: Uninstall & Reinstall The Shavlik (ST) Remote Scheduler Service On A Single Machine ). This did not resolve the issue and on the next scan/deploy it did not install the scheduler. It opens the deployment tracker once I request the patches to be deployed, but I can immediately click "Clear all completed" and it closes the window. It's like the Shavlik server has an issue with the client. Any help is appreciated.